hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

java.io tests

Browse Source
This commit is contained in:
Tony Torralba
2023-03-14 11:21:33 +01:00
parent db83fe6f42
commit cad5cd4037
6 changed files with 813 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

792
java/ql/test/library-tests/frameworks/jdk/java.io/Test.java Normal file
View File

@@ -0,0 +1,792 @@
package generatedtest;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.CharArrayReader;
import java.io.CharArrayWriter;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.Reader;
import java.io.StringReader;
import java.io.Writer;
import java.net.URI;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.file.Path;
// Test case generated by GenerateFlowTestCase.ql
public class Test {
Object getThrowable_messageDefault(Object container) {
return null;
}
Object source() {
return null;
}
void sink(Object o) {}
public void test() throws Exception {
{
// "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual"
BufferedInputStream out = null;
InputStream in = (InputStream) source();
out = new BufferedInputStream(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual"
BufferedInputStream out = null;
InputStream in = (InputStream) source();
out = new BufferedInputStream(in, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual"
BufferedReader out = null;
Reader in = (Reader) source();
out = new BufferedReader(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual"
BufferedReader out = null;
Reader in = (Reader) source();
out = new BufferedReader(in, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
BufferedReader in = (BufferedReader) source();
out = in.readLine();
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual"
ByteArrayInputStream out = null;
byte[] in = (byte[]) source();
out = new ByteArrayInputStream(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual"
ByteArrayInputStream out = null;
byte[] in = (byte[]) source();
out = new ByteArrayInputStream(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual"
byte[] out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
out = in.toByteArray();
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
out = in.toString((Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
out = in.toString((String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
out = in.toString();
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
out = in.toString(0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual"
OutputStream out = null;
ByteArrayOutputStream in = (ByteArrayOutputStream) source();
in.writeTo(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual"
CharArrayReader out = null;
char[] in = (char[]) source();
out = new CharArrayReader(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual"
CharArrayReader out = null;
char[] in = (char[]) source();
out = new CharArrayReader(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint;manual"
char[] out = null;
CharArrayWriter in = (CharArrayWriter) source();
out = in.toCharArray();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInput in = (DataInput) source();
in.readFully(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInput in = (DataInput) source();
in.readFully(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInputStream in = (DataInputStream) source();
in.readFully(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInputStream in = (DataInputStream) source();
in.readFully(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInputStream in = (ObjectInputStream) source();
in.readFully(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInputStream in = (ObjectInputStream) source();
in.readFully(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
DataInput in = (DataInput) source();
out = in.readLine();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
DataInputStream in = (DataInputStream) source();
out = in.readLine();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
ObjectInputStream in = (ObjectInputStream) source();
out = in.readLine();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
DataInput in = (DataInput) source();
out = in.readUTF();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
DataInputStream in = (DataInputStream) source();
out = in.readUTF();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
ObjectInputStream in = (ObjectInputStream) source();
out = in.readUTF();
sink(out); // $ hasTaintFlow
}
{
// "java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint;manual"
DataInputStream out = null;
InputStream in = (InputStream) source();
out = new DataInputStream(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
File out = null;
File in = (File) source();
out = new File(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
File out = null;
String in = (String) source();
out = new File(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
File out = null;
String in = (String) source();
out = new File(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual"
File out = null;
URI in = (URI) source();
out = new File(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual"
File out = null;
String in = (String) source();
out = new File((File) null, in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual"
File out = null;
String in = (String) source();
out = new File((String) null, in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual"
File out = null;
File in = (File) source();
out = in.getAbsoluteFile();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
File in = (File) source();
out = in.getAbsolutePath();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual"
File out = null;
File in = (File) source();
out = in.getCanonicalFile();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
File in = (File) source();
out = in.getCanonicalPath();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;getName;();;Argument[-1];ReturnValue;taint;manual"
String out = null;
File in = (File) source();
out = in.getName();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual"
Path out = null;
File in = (File) source();
out = in.toPath();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
File in = (File) source();
out = in.toString();
sink(out); // $ hasTaintFlow
}
{
// "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual"
URI out = null;
File in = (File) source();
out = in.toURI();
sink(out); // $ hasTaintFlow
}
{
// "java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;manual"
FilterOutputStream out = null;
OutputStream in = (OutputStream) source();
out = new FilterOutputStream(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;IOException;false;IOException;(String);;Argument[0];Argument[-1].SyntheticField[java.lang.Throwable.message];value;manual"
IOException out = null;
String in = (String) source();
out = new IOException(in);
sink(getThrowable_messageDefault(out)); // $ hasValueFlow
}
{
// "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInputStream in = (DataInputStream) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
FilterInputStream in = (FilterInputStream) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
InputStream in = (InputStream) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
BufferedInputStream in = (BufferedInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ByteArrayInputStream in = (ByteArrayInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
DataInputStream in = (DataInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
FilterInputStream in = (FilterInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
InputStream in = (InputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInputStream in = (ObjectInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual"
byte[] out = null;
ByteArrayInputStream in = (ByteArrayInputStream) source();
out = in.readAllBytes();
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual"
byte[] out = null;
InputStream in = (InputStream) source();
out = in.readAllBytes();
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ByteArrayInputStream in = (ByteArrayInputStream) source();
in.readNBytes(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
InputStream in = (InputStream) source();
in.readNBytes(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;readNBytes;(int);;Argument[-1];ReturnValue;taint;manual"
byte[] out = null;
InputStream in = (InputStream) source();
out = in.readNBytes(0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual"
OutputStream out = null;
ByteArrayInputStream in = (ByteArrayInputStream) source();
in.transferTo(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual"
OutputStream out = null;
InputStream in = (InputStream) source();
in.transferTo(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual"
InputStreamReader out = null;
InputStream in = (InputStream) source();
out = new InputStreamReader(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual"
InputStreamReader out = null;
InputStream in = (InputStream) source();
out = new InputStreamReader(in, (Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual"
InputStreamReader out = null;
InputStream in = (InputStream) source();
out = new InputStreamReader(in, (CharsetDecoder) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual"
InputStreamReader out = null;
InputStream in = (InputStream) source();
out = new InputStreamReader(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInput in = (ObjectInput) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInput in = (ObjectInput) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual"
byte[] out = null;
ObjectInputStream in = (ObjectInputStream) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint;manual"
ObjectInputStream out = null;
InputStream in = (InputStream) source();
out = new ObjectInputStream(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual"
FilterOutputStream out = null;
byte[] in = (byte[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual"
ObjectOutputStream out = null;
byte[] in = (byte[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual"
OutputStream out = null;
byte[] in = (byte[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual"
PrintStream out = null;
byte[] in = (byte[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual"
ByteArrayOutputStream out = null;
byte[] in = (byte[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual"
FilterOutputStream out = null;
byte[] in = (byte[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual"
ObjectOutputStream out = null;
byte[] in = (byte[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual"
OutputStream out = null;
byte[] in = (byte[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual"
PrintStream out = null;
byte[] in = (byte[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual"
ByteArrayOutputStream out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual"
FilterOutputStream out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual"
ObjectOutputStream out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual"
OutputStream out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual"
PrintStream out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
CharBuffer out = null;
CharArrayReader in = (CharArrayReader) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
CharBuffer out = null;
InputStreamReader in = (InputStreamReader) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
CharBuffer out = null;
Reader in = (Reader) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
BufferedReader in = (BufferedReader) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
CharArrayReader in = (CharArrayReader) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
InputStreamReader in = (InputStreamReader) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
Reader in = (Reader) source();
in.read(out);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
Reader in = (Reader) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual"
char[] out = null;
StringReader in = (StringReader) source();
in.read(out, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint;manual"
StringReader out = null;
String in = (String) source();
out = new StringReader(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
CharArrayWriter out = null;
String in = (String) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
CharArrayWriter out = null;
char[] in = (char[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
CharArrayWriter out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
PrintWriter out = null;
String in = (String) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
PrintWriter out = null;
String in = (String) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
PrintWriter out = null;
char[] in = (char[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
PrintWriter out = null;
char[] in = (char[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
PrintWriter out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
Writer out = null;
String in = (String) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
Writer out = null;
String in = (String) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
Writer out = null;
char[] in = (char[]) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
Writer out = null;
char[] in = (char[]) source();
out.write(in, 0, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual"
Writer out = null;
int in = (int) source();
out.write(in);
sink(out); // $ hasTaintFlow
}
}
}

0
java/ql/test/library-tests/frameworks/jdk/java.io/test.expected Normal file
View File

6
java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getThrowable_messageDefault", "(Object)", "", "Argument[0].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/jdk/java.io/test.ql Normal file
View File

@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest

10
java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected
View File

@@ -16,6 +16,8 @@ edges
| Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:17:61:17:72 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:19:41:19:52 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:21:56:21:67 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:23:46:23:57 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:25:38:25:49 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:27:36:27:47 | source(...) : String |
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:29:31:29:42 | source(...) : String |
@@ -24,6 +26,8 @@ edges
| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:35:54:35:65 | source(...) : String |
| mad/Test.java:17:61:17:72 | source(...) : String | mad/Test.java:17:52:17:72 | (...)... |
| mad/Test.java:19:41:19:52 | source(...) : String | mad/Test.java:19:32:19:52 | (...)... |
| mad/Test.java:21:56:21:67 | source(...) : String | mad/Test.java:21:47:21:67 | (...)... |
| mad/Test.java:23:46:23:57 | source(...) : String | mad/Test.java:23:39:23:57 | (...)... |
| mad/Test.java:25:38:25:49 | source(...) : String | mad/Test.java:25:31:25:49 | (...)... |
| mad/Test.java:27:36:27:47 | source(...) : String | mad/Test.java:27:29:27:47 | (...)... |
| mad/Test.java:29:31:29:42 | source(...) : String | mad/Test.java:29:24:29:42 | (...)... |
@@ -55,6 +59,10 @@ nodes
| mad/Test.java:17:61:17:72 | source(...) : String | semmle.label | source(...) : String |
| mad/Test.java:19:32:19:52 | (...)... | semmle.label | (...)... |
| mad/Test.java:19:41:19:52 | source(...) : String | semmle.label | source(...) : String |
| mad/Test.java:21:47:21:67 | (...)... | semmle.label | (...)... |
| mad/Test.java:21:56:21:67 | source(...) : String | semmle.label | source(...) : String |
| mad/Test.java:23:39:23:57 | (...)... | semmle.label | (...)... |
| mad/Test.java:23:46:23:57 | source(...) : String | semmle.label | source(...) : String |
| mad/Test.java:25:31:25:49 | (...)... | semmle.label | (...)... |
| mad/Test.java:25:38:25:49 | source(...) : String | semmle.label | source(...) : String |
| mad/Test.java:27:29:27:47 | (...)... | semmle.label | (...)... |
@@ -82,6 +90,8 @@ subpaths
| Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
| mad/Test.java:17:52:17:72 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:17:52:17:72 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:19:32:19:52 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:19:32:19:52 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:21:47:21:67 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:21:47:21:67 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:23:39:23:57 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:23:39:23:57 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:25:31:25:49 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:25:31:25:49 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:27:29:27:47 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:27:29:27:47 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |
| mad/Test.java:29:24:29:42 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:29:24:29:42 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value |

6
java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
View File

@@ -12,15 +12,15 @@ public class Test {
return address.getHostName();
}
void test(InetAddress address) throws IOException {
void test() throws IOException {
// "java.lang;Module;true;getResourceAsStream;(String);;Argument[0];read-file;ai-generated"
getClass().getModule().getResourceAsStream((String) source(null));
// "java.lang;Class;false;getResource;(String);;Argument[0];read-file;ai-generated"
getClass().getResource((String) source(null));
// "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
ClassLoader.getSystemResource((String) source(null));
ClassLoader.getSystemResourceAsStream((String) source(null));
// "java.io;File;true;createTempFile;(String,String,File);;Argument[2];create-file;ai-generated"
File.createTempFile(";", (String) source(null));
File.createTempFile(";", ";", (File) source(null));
// "java.io;File;true;renameTo;(File);;Argument[0];create-file;ai-generated"
new File("").renameTo((File) source(null));
// "java.io;FileInputStream;true;FileInputStream;(File);;Argument[0];read-file;ai-generated"